示例#1
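/**
 * Gate access to a post that is flagged as secret.
 *
 * Access is allowed when any of the following holds; otherwise the error page
 * for message 4 is shown:
 *   - $gCookie contains the marker "<table>_<uid>_",
 *   - the logged-in member id ($v_LogId) equals the post owner's id ($dbid),
 *   - the caller is root or a board admin ($isRoot / $isAdmin).
 *
 * NOTE(review): whether putErrPage() stops the request is not visible here. If
 * it returns, the caller continues to render the post, so confirm it halts.
 *
 * @param mixed $gCookie Marker string recording posts already opened (the
 *                       visible caller passes a session value).
 * @param mixed $uid     Id of the post being opened.
 * @param mixed $dbid    Member id stored on the post (its owner).
 * @return void
 */
function isSecretPass($gCookie, $uid, $dbid)
{
    global $isRoot, $isAdmin, $v_LogId, $table, $THIS_FILE;

    // NOTE(review): this is a substring test, so a marker written for a board
    // whose name merely ends with $table would also match. Confirm the marker
    // format carries a delimiter in front of the table name.
    if (strpos((string) $gCookie, $table . "_" . $uid . "_") !== false) {
        return;
    }

    // Owner check. The ids are compared as strings with ===. A loose != treats
    // numeric-looking ids as numbers ("1e3" == "1000", "007" == "7"), which
    // would let one member pass as the owner of another member's post.
    if ($v_LogId && (string) $v_LogId === (string) $dbid) {
        return;
    }

    if ($isRoot || $isAdmin) {
        return;
    }

    putErrPage(getErrorMsg(4));
}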
示例#2
<?php

// Request bootstrap: opens the session, loads the DB settings and driver,
// connects, resolves the logged-in member, then includes the header template
// and the search module. Statement order matters: later includes read the
// globals that are set here.
//
// Array keys such as $DB[kind] are bare words. PHP before 8 resolves them as
// undefined constants that fall back to the string (with a notice); PHP 8
// raises an Error instead.
session_start();
include './conf/db_info.php';
// The driver file name is built from $DB[kind].
// NOTE(review): presumably set by conf/db_info.php; confirm it cannot come from the request.
include './conf/db/' . $DB[kind] . '.php';
include './lib/init_check.php';
$DB_CONNECT = isConnectDb($DB[host], $DB[user], $DB[pass]);
// The database is selected before the connection result is checked below.
$DB_USEMYDB = isSelecteDb($DB[name], $DB_CONNECT);
if (!$DB_CONNECT) {
    // NOTE(review): whether putErrPage() ends the request is not visible here;
    // if it returns, everything below still runs without a connection.
    putErrPage(getErrorMsg(0));
}
if (!$DB_USEMYDB) {
    putErrPage(getErrorMsg(1));
}
include './conf/root_info.php';
include './conf/member_info.php';
$initTime = getNowTimes();
// The member record is looked up from the login id kept in the session
// ($HTTP_SESSION_VARS is the legacy long-array form of $_SESSION).
$MEMBER = getMemberLog($HTTP_SESSION_VARS[KimsLogId], 1, $DB_CONNECT);
$v_LogId = $MEMBER[MB_ID];
$isRoot = getIsRoot();
$isAdmin = 0;
// Fall back to the 'default' skin when none is configured.
// NOTE(review): $skin is not assigned anywhere in this block before it is read.
// If it can be populated from the request (for example through
// register_globals), the template paths built from it below become a
// local-file-inclusion risk. Confirm where $skin is set and restrict it to
// known skin directory names.
$skin[head] = $skin[head] ? $skin[head] : 'default';
$skin[foot] = $skin[foot] ? $skin[foot] : 'default';
$HeadImg = './template/header/' . $skin[head] . '/image';
$FootImg = './template/footer/' . $skin[foot] . '/image';
$SearImg = './lib/module/search/image';
include './lib/module/search/func.php';
// The @ suppresses include errors, so a missing header template is skipped silently.
@(include './template/header/' . $skin[head] . '/header.php');
include './lib/init_open.php';
@(include './lib/module/search/search.php');
@(include './bbs/lib/include/inline/hidden.php');
示例#3
}
// Post view page: checks permissions, loads the post row, applies the
// secret-post gate, counts the read, and builds the argument strings for the
// download / modify / delete actions.

// View permission is mandatory. Missing write or reply permission only sets
// $Wauth / $Rauth to "none".
$ViewPerm = getEnterPerm($bbs[ViewPm], "", true, true);
if (!$ViewPerm) {
    // NOTE(review): the row is still fetched below unless putErrPage() halts; confirm it does.
    putErrPage(getErrorMsg(2));
}
$WritePerm = getEnterPerm($bbs[WritePm], "", true, true);
if (!$WritePerm) {
    $Wauth = "none";
}
$ReplyPerm = getEnterPerm($bbs[ReplyPm], "", true, true);
if (!$ReplyPerm) {
    $Rauth = "none";
}
// NOTE(review): $table and $uid are interpolated straight into the SQL text and
// neither is assigned in the visible code. Unless both are validated upstream
// (table name against the list of existing boards, uid cast to an integer),
// this query is open to SQL injection. Confirm against the caller.
$RCD = db_fetch_array(db_query("SELECT * FROM kimsbod7_{$table}_dat WHERE BB_UID='{$uid}'", $DB_CONNECT));
if (!$RCD[BB_UID]) {
    putErrPage(getErrorMsg(3));
}
// Secret posts go through the owner / admin / unlock-marker gate.
if ($RCD[BB_SECRET]) {
    isSecretPass($HTTP_SESSION_VARS[kimsboard7_secr], $RCD[BB_UID], $RCD[BB_MB_ID]);
}
putReadCount($table, $uid, $HTTP_SESSION_VARS[kimsboard7_view], $bbs[HowCount]);
// Default download argument list, used when the post has no file or link.
$gvDownJsQue = "0,0,0,0,0,0,0";
if ($RCD[BB_FILE] || $RCD[BB_LINK]) {
    $Enable_Down = getEnterPerm($bbs[DownloadPm], $RCD[BB_MB_ID], $RCD[BB_FILE], $RCD[BB_LINK]);
    // The file list and the link are only exposed when download is permitted.
    $gvUpfileStr = $Enable_Down ? getMultiFileStr($RCD[BB_FILE], "./bbs/table/" . $table . "/upload") : '';
    $gvUpfileNum = getMultiFileNum($RCD[BB_FILE]) + getMultiFileNum($RCD[BB_LINK]);
    // NOTE(review): stored values (BB_LINK, file names, $table, skin) are placed
    // inside single-quoted literals without escaping. These strings look like
    // JavaScript call arguments; if they are echoed into a script or event
    // handler, a quote in stored data breaks out of the literal (stored XSS).
    // Confirm they are escaped where they are emitted.
    $gvDownJsQue = $Enable_Down . ",'" . $gvUpfileStr . "'," . $gvUpfileNum . "," . $RCD[BB_DOWN] . ",'" . $table . "'," . $RCD[BB_UID] . ",'" . $bbs[Skin] . "'";
    $gvDownJsQue = $Enable_Down ? $gvDownJsQue . ",'" . $RCD[BB_LINK] . "'" : $gvDownJsQue . ",''";
}
// NOTE(review): $isRoot / $isAdmin / $v_LogId are passed to the client here,
// presumably to decide what the UI offers. The modify and delete endpoints
// must re-check authorization on the server.
$gvModifyQue = "'modify'," . $isRoot . "," . $isAdmin . ",'" . $v_LogId . "','" . $RCD[BB_MB_ID] . "','" . $RCD[BB_UID] . "','',event";
$gvDeleteQue = "'delete'," . $isRoot . "," . $isAdmin . ",'" . $v_LogId . "','" . $RCD[BB_MB_ID] . "','" . $RCD[BB_UID] . "','',event";
示例#4
// List page setup: builds the column list (fixed columns plus the board's
// configured extra fields), splits the title settings, evaluates the
// permissions, and chooses the page size.
$Field_Arr = array("BB_PID", "", "", "", "BB_SUBJECT", "BB_NAME", "BB_HIT", "BB_REQ", "BB_DOWN", "BB_UID", "BB_HOME_URL", "BB_PREVIEW", "BB_IP", "BB_AGENT", "BB_ADD");
// $bbs[add_field] is a comma-separated list of "a|b" entries. Up to ten are
// read, and the second part of each non-empty entry is appended as a column.
$addarr = explode(',', $bbs[add_field]);
for ($k = 0; $k < 10; $k++) {
    // Indexes past the end of $addarr read as empty and are skipped below.
    $addarrexp = explode('|', trim($addarr[$k]));
    if (!$addarrexp[0]) {
        continue;
    }
    $Field_Arr[] = $addarrexp[1];
}
$Title_Arr = explode(',', $bbs[sbjstr]);
$Title_Num = sizeof($Title_Arr);
$Seted_Arr = explode(',', $bbs[sbjset]);
$Seted_Num = sizeof($Seted_Arr);
// List permission is mandatory. The other permissions only set UI flags.
$ListPerm = getEnterPerm($bbs[ListPm], "", true, true);
if (!$ListPerm) {
    // NOTE(review): confirm putErrPage() halts; otherwise the list still renders.
    putErrPage(getErrorMsg(2));
}
$ViewPerm = getEnterPerm($bbs[ViewPm], "", true, true);
if (!$ViewPerm) {
    $Vauth = "disabled";
}
$WritePerm = getEnterPerm($bbs[WritePm], "", true, true);
if (!$WritePerm) {
    $Wauth = "none";
}
$ReplyPerm = getEnterPerm($bbs[ReplyPm], "", true, true);
if (!$ReplyPerm) {
    $Rauth = "none";
}
$LimitArr = explode(',', trim($bbs[NoticeUid]));
// A caller-supplied page size is accepted when it is non-empty and below 200.
// NOTE(review): $grecnum is not assigned in the visible code. The test rejects
// only values of 200 and above, so negative or non-numeric input passes. If
// $grecnum comes from the request and reaches a LIMIT clause, cast it to a
// positive integer first.
$recnum = $grecnum && $grecnum < 200 ? $grecnum : $bbs[recnum];
示例#5
    echo "</script>";
    exit;
}
// Download check: the request must carry a Referer whose part before the
// query string contains this host.
// NOTE(review): strstr() is a substring match and the Referer is supplied by
// the client, so this only deters casual hot-linking. It is not an access
// control. The getEnterPerm() checks below are the actual gate.
$refer_exp = explode('?', $HTTP_REFERER);
if (!$HTTP_REFERER || !strstr($refer_exp[0], $HTTP_HOST)) {
    // NOTE(review): whether getAlertMsg() ends the request is not visible here; confirm it does.
    getAlertMsg(getErrorMsg(2));
}
// $where selects between a post attachment ('dat') and a comment attachment.
// Each path checks its own download permission and then bumps the matching
// download counter.
if ($where == 'dat') {
    if (!getEnterPerm($bbs[DownloadPm], "", true, true)) {
        getAlertMsg(getErrorMsg(2));
    }
    // NOTE(review): $table and $uid are concatenated into the SQL text and are
    // not assigned in the visible code. Confirm both are validated upstream
    // (board name against the list of existing boards, uid as an integer).
    db_query("UPDATE kimsbod7_" . $table . "_dat SET BB_DOWN=BB_DOWN+1 WHERE BB_UID='" . $uid . "'", $DB_CONNECT);
} else {
    if (!getEnterPerm($bbs[CmtDownPm], "", true, true)) {
        getAlertMsg(getErrorMsg(2));
    }
    db_query("UPDATE kimsbod7_" . $table . "_rpl SET RP_DOWN=RP_DOWN+1 WHERE RP_UID='" . $uid . "'", $DB_CONNECT);
}
// Uploaded files live under the board's upload directory. Other download
// types get no path prefix.
// NOTE(review): the code that follows appends $file to this path. Confirm
// $file is reduced to a bare file name (no "../" or directory separators)
// before it is used.
$Down_Path = $dtype == 'up' ? "./bbs/table/" . $table . "/upload/" : "";
// Comma-joined extension lists. $Inline_Q1 is matched further down to open
// images in a viewer window; the use of $Inline_Q2 is not visible in this excerpt.
// NOTE(review): the lookup further down uses strstr() on the joined string,
// which is a substring match ('g', 'jp' or 'p' would all match). An exact
// comparison against explode(',', ...) entries is safer.
$Inline_Q1 = "gif,jpg,jpeg,png,bmp";
$Inline_Q2 = "html,php3,asp,jsp,cgi,xml";
if ($dtype == 'up') {
    $Fullfile = $Down_Path . $file;
    $File_spl = explode('.', $file);
    $File_Ext = strtolower(array_pop($File_spl));
    if (strstr($Inline_Q1, $File_Ext)) {
        $que_file = "./bbs/lib/module/imgview/image.php?image=" . urlencode("../../../table/" . $table . "/upload/" . $file);
        echo "<script>window.open('" . $que_file . "','imagewin','left=0,top=0,width=100,height=100');</script>";
        exit;
    }
示例#6
<?php

// Delete a post: verifies the password or ownership, repairs the paging-key
// table around the removed row, deletes the attachments of the post and its
// comments, then deletes the post and comment rows.
if (!$uid) {
    putErrPage(getErrorMsg(3));
}
// NOTE(review): $table and $uid are placed into every statement below as plain
// text and are not assigned in the visible code. Because this page runs DELETE
// and UPDATE statements, confirm both are validated upstream (board name
// against the list of existing boards, uid as an integer).
$UID_DATA = db_fetch_array(db_query("SELECT * FROM kimsbod7_" . $table . "_dat WHERE BB_UID='{$uid}'", $DB_CONNECT));
// Authorization gate for the deletion.
// NOTE(review): it protects the statements below only if putErrPage() halts
// the request, which is not visible here. Confirm that it does.
if (!getPassCheck($COMP_PASS, $UID_DATA[BB_PASS], $UID_DATA[BB_MB_ID])) {
    putErrPage(getErrorMsg(4));
}
// Keys at or below this post's BB_PID, highest key first. BB_PID is appended
// unquoted, so an empty value (no matching row) yields malformed SQL.
$KEY_UPDATE = db_query("SELECT * FROM kimsbod7_" . $table . "_key WHERE KY_PID <= " . $UID_DATA[BB_PID] . " ORDER BY KY_KEY DESC", $DB_CONNECT);
$ROW_DATA = db_fetch_array(db_query("SELECT MIN(BB_PID) FROM kimsbod7_" . $table . "_dat", $DB_CONNECT));
// $NKEY is the lower bound of the current window. It starts at the smallest
// BB_PID and moves up to each key's KY_PID in turn.
$NKEY = $ROW_DATA[0];
while ($KEY = db_fetch_array($KEY_UPDATE)) {
    // Highest BB_PID in [$NKEY, KY_PID): the row this key is re-pointed to.
    $DEL_QUE = "SELECT BB_PID FROM kimsbod7_" . $table . "_dat ";
    $DEL_QUE .= "WHERE BB_PID >= {$NKEY} AND BB_PID < " . $KEY[KY_PID] . " ORDER BY BB_PID DESC LIMIT 0,1";
    $UKEY = db_fetch_array(db_query($DEL_QUE, $DB_CONNECT));
    $NKEY = $KEY[KY_PID];
    if ($UKEY[BB_PID]) {
        db_query("UPDATE kimsbod7_" . $table . "_key SET KY_PID='" . $UKEY[BB_PID] . "' WHERE KY_KEY='" . $KEY[KY_KEY] . "'", $DB_CONNECT);
    } else {
        // No row is left in the window, so the key is dropped.
        db_query("DELETE FROM kimsbod7_" . $table . "_key WHERE KY_KEY='" . $KEY[KY_KEY] . "'", $DB_CONNECT);
    }
}
// Remove the comment attachments first, then the post's own attachments.
// NOTE(review): getUpfileDelete() receives file names stored in the database.
// Confirm it refuses names that contain path separators.
$CMT_DATA = db_query("SELECT * FROM kimsbod7_" . $table . "_rpl WHERE RP_PARENT='{$uid}'", $DB_CONNECT);
while ($CMT = db_fetch_array($CMT_DATA)) {
    getUpfileDelete($CMT[RP_FILE], $table);
}
getUpfileDelete($UID_DATA[BB_FILE], $table);
// Finally delete the post row and every comment attached to it.
db_query("DELETE FROM kimsbod7_" . $table . "_dat WHERE BB_UID='" . $uid . "'", $DB_CONNECT);
db_query("DELETE FROM kimsbod7_" . $table . "_rpl WHERE RP_PARENT='" . $uid . "'", $DB_CONNECT);
if ($bbs[rec_give]) {
示例#7
/**
 * Build the "My Profile" popup for the logged-in user and return it as JSON.
 *
 * Sends a JSON content type, loads the user's profile and stored language,
 * collects the languages that have a matching ".lang" file, renders the
 * profile form template and returns it as the message of a PaloSantoJSON
 * reply. When the profile or the language lookup fails, the reply carries an
 * error instead.
 *
 * @param object $smarty      Template engine instance the form is rendered with.
 * @param string $module_name Not read by this function.
 * @return mixed Whatever PaloSantoJSON::createJSON() produces.
 */
function handleJSON_getUserProfile($smarty, $module_name)
{
    include_once "libs/paloSantoForm.class.php";
    // This file builds the $languages array listing the languages Elastix supports.
    include "configs/languages.conf.php";

    header('Content-Type: application/json');
    $credentials = getUserCredentials($_SESSION['elastix_user']);
    $lang = get_language(); // the result is not read again in this function

    global $arrConf;
    $db = new paloDB($arrConf['elastix_dsn']["elastix"]);
    $acl = new paloACL($db);
    $json = new PaloSantoJSON();

    // Load the profile and report a failure both to the template and in the reply.
    $profileError = '';
    $profile = getDataProfile($db, $profileError);
    if ($profile === FALSE) {
        $smarty->assign("MSG_ERROR_FIELD", getErrorMsg());
        $json->set_error(getErrorMsg());
        return $json->createJSON();
    }

    // Keep only the configured languages that have a "<code>.lang" file on disk.
    $dirError = '';
    $langFiles = array();
    $availableLangs = array();
    leer_directorio("/usr/share/elastix/lang", $dirError, $langFiles);
    if (count($langFiles) > 0) {
        foreach ($languages as $code => $label) {
            if (in_array($code . ".lang", $langFiles)) {
                $availableLangs[$code] = $label;
            }
        }
    }

    $selectedLanguage = $acl->getUserProp($credentials['idUser'], "language");
    if ($selectedLanguage === FALSE) {
        $json->set_error(_tr("Invalid Language"));
        return $json->createJSON();
    }

    // Labels and values for the popup template, assigned in this order.
    $templateVars = array(
        "TITLE_POPUP" => _tr("My Profile "),
        "SAVE_POPUP" => _tr("Save changes"),
        "CHANGE_PASSWD_POPUP" => _tr("Change Password"),
        "userProfile_label" => _tr("User"),
        "userProfile" => $profile['username'],
        "extenProfile_label" => _tr("Extension"),
        "extenProfile" => $profile['exten'] . "/" . $profile['device'],
        "faxProfile_label" => _tr("Fax"),
        "faxProfile" => $profile['fax_extension'],
        "nameProfile" => $profile['name'],
        'ID_PICTURE' => $credentials['idUser'],
        'DeleteImage' => _tr('Delete Image'),
    );
    foreach ($templateVars as $key => $value) {
        $smarty->assign($key, $value);
    }

    // Render the form with the stored language preselected.
    $profile['languageProfile'] = $selectedLanguage;
    $form = new paloForm($smarty, createProfileForm($availableLangs));
    $html = $form->fetchForm("/var/www/html/web/themes/elastix3/_common/profile_uf.tpl", _tr('My Profile'), $profile);

    $json = new PaloSantoJSON();
    $json->set_message($html);
    return $json->createJSON();
}
示例#8
<?php

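// Photo upload handler: validates the uploaded file, stores it under
// ./data/images/ with a generated name, then collects the submitted fields.
header('content-type: text/html; charset=utf-8');
require "./include/init.php";
require_once './include/file.func.tool.php';
/*
	Very large files will cause problems!
*/
$file = isset($_FILES['file']) ? $_FILES['file'] : '';
// A request without the "file" field, or one that sends it as an array field
// ("file[]", where each entry is itself an array), must not reach the indexed
// reads below. Such requests are treated as "no file uploaded" so they take
// the normal error path.
if (!is_array($file) || !isset($file['error']) || is_array($file['error'])) {
    $file = array('name' => '', 'type' => '', 'tmp_name' => '', 'error' => UPLOAD_ERR_NO_FILE, 'size' => 0);
}

// getErrorMsg() is given PHP's upload error code. A non-empty message aborts the request.
if ($msg = getErrorMsg($file['error'])) {
    // NOTE(review): $msg is written into a single-quoted JS string unescaped.
    // Confirm getErrorMsg() only returns fixed text without quotes.
    echo "<script> alert('{$msg}'); history.go(-1); </script>";
    exit;
}

// NOTE(review): both checks rely on values the client sends. $file['name'] and
// $file['type'] come from the request and are not verified by PHP. Add a
// server-side content check (for example finfo on $file['tmp_name']) before
// trusting the file to be an image.
if (!isImageByExt($file['name']) || !isImageByType($file['type'])) {
    echo "<script> alert('照片格式不正确,请检查!'); history.go(-1); </script>";
    exit;
}

// The stored name is generated, but its extension is taken from the client's
// file name.
// NOTE(review): this is only safe if isImageByExt() accepts image extensions
// exclusively. Also confirm that ./data/images/ is not configured to execute scripts.
$filedir = './data/images/';
$path = mk_dir($filedir) . '/' . randName() . '.' . getfileExt($file['name']);
if (!move_uploaded_file($file['tmp_name'], $path)) {
    echo "<script> alert('对不起,服务器繁忙,请稍后再试!'); history.go(-1); </script>";
    exit;
}

// Untrusted form and file metadata. Whatever consumes these values must
// escape them for its own context (SQL parameters, HTML output).
$username = isset($_POST['username']) ? trim($_POST['username']) : '';
$imagename = $file['name'];
$imagepath = $path;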